
Generating timestamped logs on the Slackware 14.2 operating system 20.11.2021

Instead of the openssl that ships preinstalled on Slackware, let's download and install the current latest version.

mkdir /KURULUM2021

cd /KURULUM2021

wget https://www.openssl.org/source/openssl-1.1.1l.tar.gz

 

tar xvf openssl-1.1.1l.tar.gz

cd openssl-1.1.1l

./config

make

make install

ldconfig

 

The openssl version command shows the installed version

OpenSSL 1.1.1l 24 Aug 2021

 

In /etc/rc.d/rc.syslog the options must be enabled as on the line below; otherwise port 514 does not become active.

 

#SYSLOGD_OPTIONS="-c "

SYSLOGD_OPTIONS="-r -m 0 "

 

See with netstat -tulnp that port 512 is serving.

 

We will generate a 20-year certificate

mkdir /sertifikalar

cd /sertifikalar

 

openssl req -config /usr/local/ssl/openssl.cnf -days 7310 -x509 -newkey rsa:2048 -out cacert.pem -outform PEM

 

Fill in the fields below according to your organization. The cacert.pem and privkey.pem files will be created in the directory.

 

Generating a 2048 bit RSA private key

..........................................................+++

............................................+++

writing new private key to 'privkey.pem'

Enter PEM pass phrase:

Verifying - Enter PEM pass phrase:

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [AU]:TR

State or Province Name (full name) [Some-State]:Gaziantep-Turkey

Locality Name (eg, city) []:Gaziantep

Organization Name (eg, company) [Internet Widgits Pty Ltd]:Gaziantep Universitesi

Organizational Unit Name (eg, section) []:Bilgi islem Merkezi

Common Name (eg, YOUR name) []:logserver001.gantep.edu.tr

Email Address []:logadmin@gantep.edu.tr

 

cp -r /usr/local/src/openssl-1.0.0k/apps/demoCA/ /GAUN

mkdir /GAUN/newcerts

 

root@log:/sertifikalar# mv /GAUN/cacert.pem /GAUN/cacert.pem.old

root@log:/sertifikalar# cp /sertifikalar/cacert.pem /GAUN/

 

root@log:/sertifikalar# mv /GAUN/private/cakey.pem /GAUN/private/cakey.pem.old

root@log:/sertifikalar# cp /sertifikalar/privkey.pem /GAUN/private/cakey.pem

 

In /usr/local/ssl/openssl.cnf enable the lines below

 

#dir = ./demoCA # Where everything is kept   (disabled)

dir = /GAUN # Where everything is kept

 

#dir = ./demoCA # TSA root directory   (disabled)

dir = /GAUN # TSA root directory

 

extendedKeyUsage = critical,timeStamping

keyUsage = nonRepudiation, digitalSignature
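For reference, the complete [tsa] section that `openssl ts -reply -config /usr/local/ssl/openssl.cnf` reads is shown below. It is added here as an example and is not copied from the page: it is the stock OpenSSL 1.1.1 `tsa_config1` section with `dir` pointed at /GAUN as above, and with the signer files named as they are copied into /GAUN later on this page. The `serial = $dir/tsaserial` entry is the file behind the "could not open file /GAUN/tsaserial" warning further down; openssl creates it after the first response, which is why the second token carries serial 2. The stock accuracy (1 s, 500 ms, 100 us), `ordering = yes`, `tsa_name = yes` and the default policy 1.2.3.4.1 are exactly the values that appear in the decoded tokens on this page.

```ini
# Assumed layout: /GAUN is the TSA root directory used throughout this page.
oid_section = new_oids

[ new_oids ]
tsa_policy1 = 1.2.3.4.1
tsa_policy2 = 1.2.3.4.5.6
tsa_policy3 = 1.2.3.4.5.7

[ tsa ]
default_tsa = tsa_config1

[ tsa_config1 ]
dir = /GAUN                            # TSA root directory
serial = $dir/tsaserial                # created by openssl after the first reply
crypto_device = builtin
signer_cert = $dir/tsacert.pem         # certificate with extendedKeyUsage = critical,timeStamping
certs = $dir/cacert.pem                # chain included in the response
signer_key = $dir/private/tsakey.pem   # passphrase is prompted for at -reply time
signer_digest = sha256                 # digest for the CMS signature over TSTInfo
default_policy = tsa_policy1           # Policy OID: 1.2.3.4.1 in the token
other_policies = tsa_policy2, tsa_policy3
digests = sha1, sha256, sha384, sha512 # imprint digests accepted in requests
accuracy = secs:1, millisecs:500, microsecs:100
clock_precision_digits = 0
ordering = yes                         # Ordering: yes in the token
tsa_name = yes                         # TSA: DirName:/C=TR/... in the token
ess_cert_id_chain = no
ess_cert_id_alg = sha1                 # digest for the id-smime-aa-signingCertificate attribute
```

Keep tsakey.pem readable only by root (the copy into /GAUN/private/ on this page is correct); anyone who can read it can mint stamps with any time they like, which defeats the purpose of the log.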

 

openssl genrsa -aes256 -out tsakey.pem 2048

Generating RSA private key, 2048 bit long modulus

...........................+++

................................................+++

 

root@log:/sertifikalar# ls -asl

total 20

4 drwxr-xr-x 2 root root 4096 2010-07-12 15:50 ./

4 drwxr-xr-x 23 root root 4096 2010-07-12 14:39 ../

4 -rw-r--r-- 1 root root 1570 2010-07-12 14:32 cacert.pem

4 -rw-r--r-- 1 root root 1834 2010-07-12 14:32 privkey.pem

4 -rw-r--r-- 1 root root 1766 2010-07-12 15:51 tsakey.pem

 

 

openssl req -new -key tsakey.pem -out tsareq.csr

Enter pass phrase for tsakey.pem:

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [AU]:TR

State or Province Name (full name) [Some-State]:Gaziantep-Turkey

Locality Name (eg, city) []:Gaziantep

Organization Name (eg, company) [Internet Widgits Pty Ltd]:Gaziantep Universitesi

Organizational Unit Name (eg, section) []:Bilgi islem Merkezi

Common Name (eg, YOUR name) []:logserver001.gantep.edu.tr

Email Address []:system@gantep.edu.tr

 

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []: (left blank)

An optional company name []: (left blank)

 

root@log:/sertifikalar# ls -asl

total 24

4 drwxr-xr-x 2 root root 4096 2010-07-12 15:56 ./

4 drwxr-xr-x 23 root root 4096 2010-07-12 14:39 ../

4 -rw-r--r-- 1 root root 1570 2010-07-12 14:32 cacert.pem

4 -rw-r--r-- 1 root root 1834 2010-07-12 14:32 privkey.pem

4 -rw-r--r-- 1 root root 1766 2010-07-12 15:51 tsakey.pem

4 -rw-r--r-- 1 root root 1159 2010-07-12 15:56 tsareq.csr

-------------------------------------------------------------------------

openssl ca -config /etc/ssl/openssl.cnf -in tsareq.csr -out tsacert.pem

 

Using configuration from /etc/ssl/openssl.cnf

Enter pass phrase for /GAUN/private/cakey.pem:

Check that the request matches the signature

Signature ok

Certificate Details:

Serial Number: 286 (0x11e)

Validity

Not Before: Jul 12 12:59:00 2019 GMT

Not After : Jul 12 12:59:00 2029 GMT

Subject:

countryName = TR

stateOrProvinceName = Gaziantep-Turkey

organizationName = Gaziantep Universitesi

organizationalUnitName = Bilgi islem Merkezi

commonName = logserver001.gantep.edu.tr

emailAddress = logadmin@gantep.edu.tr

X509v3 extensions:

X509v3 Basic Constraints:

CA:FALSE

X509v3 Key Usage:

Digital Signature, Non Repudiation

Netscape Comment:

OpenSSL Generated Certificate

X509v3 Subject Key Identifier:

D8:D0:A9:65:11:D0:DE:53:A0:CC:9C:CA:79:8C:1E:EC:AC:69:7F:EF

X509v3 Authority Key Identifier:

keyid:99:5E:9B:BE:8B:8B:49:87:E3:E5:99:59:0C:BD:11:D6:CF:D8:5E:EE

 

X509v3 Extended Key Usage: critical

Time Stamping

Certificate is to be certified until Jul 12 12:59:00 2011 GMT (365 days)

Sign the certificate? [y/n]:y

 

1 out of 1 certificate requests certified, commit? [y/n]y

Write out database with 1 new entries

Data Base Updated

-------------------------------------------------------------------------

root@log:/sertifikalar# cp /sertifikalar/tsacert.pem /GAUN/

root@log:/sertifikalar# cp /sertifikalar/tsakey.pem /GAUN/private/

 

Let's timestamp the leases file that we will take into the signature directory.

root@log:/sertifikalar# mkdir /zamandamga

root@log:/sertifikalar# cd /zamandamga

cp /var/log/leases .

ls -asl

total 12

 

4 drwxr-xr-x 2 root root 4096 2010-07-12 16:02 ./

4 drwxr-xr-x 24 root root 4096 2010-07-12 16:01 ../

4 -rw-r----- 1 root root 3758 2010-07-12 16:02 leases

-------------------------------------------------------------------------

openssl ts -query -data leases -no_nonce -out leases.tsq

ls -asl

total 16

4 drwxr-xr-x 2 root root 4096 2010-07-12 16:04 ./

4 drwxr-xr-x 24 root root 4096 2010-07-12 16:01 ../

4 -rw-r----- 1 root root 3758 2010-07-12 16:02 leases

4 -rw-r--r-- 1 root root 40 2010-07-12 16:04 leases.tsq

-------------------------------------------------------------------------

openssl ts -reply -queryfile leases.tsq -out leases.tsr -config /usr/local/ssl/openssl.cnf

 

Using configuration from /etc/ssl/openssl.cnf

Enter PEM pass phrase:

Warning: could not open file /GAUN/tsaserial for reading, using serial number: 1

Response has been generated.

 

 

ls -asl

total 20

4 drwxr-xr-x 2 root root 4096 2010-07-12 16:06 ./

4 drwxr-xr-x 24 root root 4096 2010-07-12 16:01 ../

4 -rw-r----- 1 root root 3758 2010-07-12 16:02 leases

4 -rw-r--r-- 1 root root 40 2010-07-12 16:04 leases.tsq

4 -rw-r--r-- 1 root root 983 2010-07-12 16:06 leases.tsr

-------------------------------------------------------------------------

openssl ts -reply -in leases.tsr -text

Status info:

Status: Granted.

Status description: unspecified

Failure info: unspecified

 

TST info:

Version: 1

Policy OID: 1.2.3.4.1

Hash Algorithm: sha1

Message data:

0000 - 95 f0 82 61 ad fe 60 24-84 fd 7e 0e c2 fe 57 bf ...a..`$..~...W.

0010 - 60 c1 b9 dc                                       `...

Serial number: 0x01

Time stamp: Jul 12 13:06:06 2010 GMT

Accuracy: 0x01 seconds, 0x01F4 millis, 0x64 micros

Ordering: yes

Nonce: unspecified

TSA: DirName:/C=TR/ST=Gaziantep-Turkey/O=Gaziantep Universitesi/OU=Bilgi islem Merkezi/CN=logserver.gantep.edu.tr/emailAddress=system@gantep.edu.tr

Extensions:

 

--------------------------------------------------------------

openssl ts -reply -queryfile leases.tsq -out leases.der -token_out -config /usr/local/ssl/openssl.cnf

Using configuration from /usr/local/ssl/openssl.cnf

Enter PEM pass phrase:

Response has been generated.

 

ls -asl

total 24

4 drwxr-xr-x 2 root root 4096 2010-07-12 16:09 ./

4 drwxr-xr-x 24 root root 4096 2010-07-12 16:01 ../

4 -rw-r----- 1 root root 3758 2010-07-12 16:02 leases

4 -rw-r--r-- 1 root root 974 2010-07-12 16:09 leases.der

4 -rw-r--r-- 1 root root 40 2010-07-12 16:04 leases.tsq

4 -rw-r--r-- 1 root root 983 2010-07-12 16:06 leases.tsr

---------------------------------------------------------------

openssl ts -reply -in leases.der -token_in -text -token_out

Version: 1

Policy OID: 1.2.3.4.1

Hash Algorithm: sha1

Message data:

0000 - 95 f0 82 61 ad fe 60 24-84 fd 7e 0e c2 fe 57 bf ...a..`$..~...W.

0010 - 60 c1 b9 dc `...

Serial number: 0x02

Time stamp: Jul 12 13:09:52 2010 GMT

Accuracy: 0x01 seconds, 0x01F4 millis, 0x64 micros

Ordering: yes

Nonce: unspecified

TSA: DirName:/C=TR/ST=Gaziantep-Turkey/O=Gaziantep Universitesi/OU=Bilgi islem Merkezi/CN=logserver001.gantep.edu.tr/emailAddress=logadmin@gantep.edu.tr

Extensions:

 

openssl asn1parse -in leases.der -inform DER

0:d=0 hl=4 l= 970 cons: SEQUENCE

4:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-signedData

15:d=1 hl=4 l= 955 cons: cont [ 0 ]

19:d=2 hl=4 l= 951 cons: SEQUENCE

23:d=3 hl=2 l= 1 prim: INTEGER :03

26:d=3 hl=2 l= 11 cons: SET

28:d=4 hl=2 l= 9 cons: SEQUENCE

30:d=5 hl=2 l= 5 prim: OBJECT :sha1

37:d=5 hl=2 l= 0 prim: NULL

39:d=3 hl=4 l= 287 cons: SEQUENCE

43:d=4 hl=2 l= 11 prim: OBJECT :id-smime-ct-TSTInfo

56:d=4 hl=4 l= 270 cons: cont [ 0 ]

60:d=5 hl=4 l= 266 prim: OCTET STRING [HEX DUMP]:3082010602010106042A0304013021300906052B0E03021A0500041495F08261ADFE602484FD7E0EC2FE57BF60C1B9DC020102180F32303130303731323133303935325A300A020101800201F48101640101FFA081B4A481B13081AE310B30090603550406130254523119301706035504080C1047617A69616E7465702D5475726B6579311F301D060355040A0C1647617A69616E74657020556E69766572736974657369311C301A060355040B0C1342696C67692069736C656D204D65726B657A693120301E06035504030C176C6F677365727665722E67616E7465702E6564752E74723123302106092A864886F70D010901161473797374656D4067616E7465702E6564752E7472

330:d=3 hl=4 l= 640 cons: SET

334:d=4 hl=4 l= 636 cons: SEQUENCE

338:d=5 hl=2 l= 1 prim: INTEGER :01

341:d=5 hl=3 l= 201 cons: SEQUENCE

344:d=6 hl=3 l= 194 cons: SEQUENCE

347:d=7 hl=2 l= 11 cons: SET

349:d=8 hl=2 l= 9 cons: SEQUENCE

351:d=9 hl=2 l= 3 prim: OBJECT :countryName

356:d=9 hl=2 l= 2 prim: PRINTABLESTRING :TR

360:d=7 hl=2 l= 25 cons: SET

362:d=8 hl=2 l= 23 cons: SEQUENCE

364:d=9 hl=2 l= 3 prim: OBJECT :stateOrProvinceName

369:d=9 hl=2 l= 16 prim: UTF8STRING :Gaziantep-Turkey

387:d=7 hl=2 l= 18 cons: SET

389:d=8 hl=2 l= 16 cons: SEQUENCE

391:d=9 hl=2 l= 3 prim: OBJECT :localityName

396:d=9 hl=2 l= 9 prim: UTF8STRING :Gaziantep

407:d=7 hl=2 l= 31 cons: SET

409:d=8 hl=2 l= 29 cons: SEQUENCE

411:d=9 hl=2 l= 3 prim: OBJECT :organizationName

416:d=9 hl=2 l= 22 prim: UTF8STRING :Gaziantep Universitesi

440:d=7 hl=2 l= 28 cons: SET

442:d=8 hl=2 l= 26 cons: SEQUENCE

444:d=9 hl=2 l= 3 prim: OBJECT :organizationalUnitName

449:d=9 hl=2 l= 19 prim: UTF8STRING :Bilgi islem Merkezi

470:d=7 hl=2 l= 32 cons: SET

472:d=8 hl=2 l= 30 cons: SEQUENCE

474:d=9 hl=2 l= 3 prim: OBJECT :commonName

479:d=9 hl=2 l= 23 prim: UTF8STRING :logserver001.gantep.edu.tr

504:d=7 hl=2 l= 35 cons: SET

506:d=8 hl=2 l= 33 cons: SEQUENCE

508:d=9 hl=2 l= 9 prim: OBJECT :emailAddress

519:d=9 hl=2 l= 20 prim: IA5STRING :logadmin@gantep.edu.tr

541:d=6 hl=2 l= 2 prim: INTEGER :011E

545:d=5 hl=2 l= 9 cons: SEQUENCE

547:d=6 hl=2 l= 5 prim: OBJECT :sha1

554:d=6 hl=2 l= 0 prim: NULL

556:d=5 hl=3 l= 140 cons: cont [ 0 ]

559:d=6 hl=2 l= 26 cons: SEQUENCE

561:d=7 hl=2 l= 9 prim: OBJECT :contentType

572:d=7 hl=2 l= 13 cons: SET

574:d=8 hl=2 l= 11 prim: OBJECT :id-smime-ct-TSTInfo

587:d=6 hl=2 l= 28 cons: SEQUENCE

589:d=7 hl=2 l= 9 prim: OBJECT :signingTime

600:d=7 hl=2 l= 15 cons: SET

602:d=8 hl=2 l= 13 prim: UTCTIME :100712130952Z

617:d=6 hl=2 l= 35 cons: SEQUENCE

619:d=7 hl=2 l= 9 prim: OBJECT :messageDigest

630:d=7 hl=2 l= 22 cons: SET

632:d=8 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:64BA2DBB0F167A23C21931A93B35FFD59D52DE35

654:d=6 hl=2 l= 43 cons: SEQUENCE

656:d=7 hl=2 l= 11 prim: OBJECT :id-smime-aa-signingCertificate

669:d=7 hl=2 l= 28 cons: SET

671:d=8 hl=2 l= 26 cons: SEQUENCE

673:d=9 hl=2 l= 24 cons: SEQUENCE

675:d=10 hl=2 l= 22 cons: SEQUENCE

677:d=11 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:E94D48328D7F8B99839F2EBD236993B8656291EA

699:d=5 hl=2 l= 13 cons: SEQUENCE

701:d=6 hl=2 l= 9 prim: OBJECT :rsaEncryption

712:d=6 hl=2 l= 0 prim: NULL

714:d=5 hl=4 l= 256 prim: OCTET STRING [HEX DUMP]:739CA704758CF315616956148E6F27DF9A56B203187ADD1C337CBAC7611C893229C10AFC74EE0C2F479B2308315E0DC27C42EFE40502C610001AA64990570498DA66865C002934A0C2906771B2C3627AF86C6D0767D0A7594D1D0E528A0A6C658312D7B94A616D0647DFB7F25D63EEF55A74DAC648280EF72108039D90518A9E41BD3B585679E5FF876A1778989ADF245AE7C7C74D719B235B81093A388C69C3E321F9B75F365ADA073DA64972EB903636BC6C14281AE874EB1E871C0151F0F1DCCFEDBB38862A3E4DEEE0209E5B0996819A0FC95C0C54758AB7110BF927D6ECE34C5E65DCA583A43D005523E1C3D7E0191DBBB8A0684761F7E5721BA16E810D

-------------------------------------------------------------------------

Verification operations

openssl ts -verify -data leases -in leases.der -token_in -CAfile /GAUN/cacert.pem -untrusted /GAUN/tsacert.pem

Verification: OK

 

openssl ts -verify -queryfile leases.tsq -in leases.tsr -CAfile /GAUN/cacert.pem -untrusted /GAUN/tsacert.pem

Verification: OK

 

If we tamper with the files after signing and run the verification again, we see that it gives the Verification: FAILED error, that is, that the original file has been corrupted.
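The query, the decoded TSTInfo and the -verify -data check above can be reproduced without openssl in a few dozen lines of Python, which makes it easier to see what the files actually contain. The example below is added here and is not code from the page or from OpenSSL. build_tsq builds the 40-byte TimeStampReq that `openssl ts -query -data leases -no_nonce` wrote (version 1 plus a sha1 MessageImprint); imprint_matches performs the first check behind `openssl ts -verify -data` (re-hashing the data and comparing it with the stamped imprint, which is what turns into Verification: FAILED once leases is edited); parse_tstinfo decodes the 266-byte TSTInfo that asn1parse dumped from leases.der above and recovers the same policy OID, imprint, serial 2, time, accuracy, ordering and TSA DirName that `openssl ts -reply -in leases.der -token_in -text` printed. The sample data is constructed; the TSTInfo hex is the page's own. What this does not do is verify the CMS signature over the TSTInfo against tsacert.pem and cacert.pem, which is the second half of `openssl ts -verify` and the part that makes the stamp trustworthy.

```python
import hashlib

# Hash OIDs (DER content bytes) that can appear in a MessageImprint.
# The page's tokens use sha1; `openssl ts -query` in 1.1.1 defaults to sha256.
HASH_OIDS = {"sha1": bytes.fromhex("2B0E03021A"), "sha256": bytes.fromhex("608648016503040201")}
HASH_NAMES = {oid: name for name, oid in HASH_OIDS.items()}
# X.500 attribute types as openssl prints them in "TSA: DirName:/C=.../CN=..."
ATTR_NAMES = {bytes.fromhex("550406"): "C", bytes.fromhex("550408"): "ST",
              bytes.fromhex("550407"): "L", bytes.fromhex("55040A"): "O",
              bytes.fromhex("55040B"): "OU", bytes.fromhex("550403"): "CN",
              bytes.fromhex("2A864886F70D010901"): "emailAddress"}

# The 266-byte TSTInfo that `openssl asn1parse` dumped from leases.der on this page.
TSTINFO_HEX = (
    "3082010602010106042A0304013021300906052B0E03021A0500041495F08261ADFE602484FD7E0EC2FE57BF60C1B9DC020102180F32303130303731323133303935325A300A020101800201F48101640101FFA081"
    "B4A481B13081AE310B30090603550406130254523119301706035504080C1047617A69616E7465702D5475726B6579311F301D060355040A0C1647617A69616E74657020556E69766572736974657369311C301A06035504"
    "0B0C1342696C67692069736C656D204D65726B657A693120301E06035504030C176C6F677365727665722E67616E7465702E6564752E74723123302106092A864886F70D010901161473797374656D4067616E7465702E65"
    "64752E7472"
)

def der_len(n):
    """DER length encoding: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, body):
    return bytes([tag]) + der_len(len(body)) + body

def der_iter(buf):
    """Minimal DER walker: yield (tag, content) for each TLV in buf."""
    i = 0
    while i < len(buf):
        tag, length, i = buf[i], buf[i + 1], i + 2
        if length & 0x80:
            n = length & 0x7F
            length, i = int.from_bytes(buf[i:i + n], "big"), i + n
        yield tag, buf[i:i + length]
        i += length

def decode_oid(raw):
    """Dotted string from OID content bytes, e.g. 2A030401 -> 1.2.3.4.1."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def build_tsq(data, hash_name="sha1"):
    """TimeStampReq as `openssl ts -query -data FILE -no_nonce` builds it:
    version 1 plus a MessageImprint; no nonce, no policy, certReq omitted."""
    digest = hashlib.new(hash_name, data).digest()
    alg_id = tlv(0x30, tlv(0x06, HASH_OIDS[hash_name]) + tlv(0x05, b""))
    imprint = tlv(0x30, alg_id + tlv(0x04, digest))
    return tlv(0x30, tlv(0x02, b"\x01") + imprint)

def parse_imprint(imprint_body):
    """MessageImprint content -> (hash name, digest)."""
    alg_body, digest = [content for _, content in der_iter(imprint_body)]
    oid = next(content for tag, content in der_iter(alg_body) if tag == 0x06)
    return HASH_NAMES[oid], digest

def parse_tsq(tsq):
    """TimeStampReq DER -> (version, hash name, digest)."""
    _, body = next(der_iter(tsq))
    (_, version), (_, imprint_body) = list(der_iter(body))[:2]
    return (int.from_bytes(version, "big"),) + parse_imprint(imprint_body)

def imprint_matches(tsq, data):
    """First check behind `openssl ts -verify -data FILE`: does FILE still hash
    to the stamped imprint? Any edit to FILE after stamping flips this to False."""
    _, hash_name, digest = parse_tsq(tsq)
    return hashlib.new(hash_name, data).digest() == digest

def name_to_str(name_body):
    """X.501 Name -> "/C=TR/ST=..." in the form openssl prints DirName."""
    parts = []
    for _, rdn in der_iter(name_body):              # each RDN is a SET
        for _, atv in der_iter(rdn):                # AttributeTypeAndValue
            oid, value = [content for _, content in der_iter(atv)]
            parts.append(f"{ATTR_NAMES.get(oid, decode_oid(oid))}={value.decode()}")
    return "/" + "/".join(parts)

def parse_tstinfo(tstinfo):
    """Decode the fields `openssl ts -reply -text` prints from a TSTInfo DER blob."""
    _, body = next(der_iter(tstinfo))
    fields = list(der_iter(body))
    info = {"version": int.from_bytes(fields[0][1], "big"),
            "policy": decode_oid(fields[1][1]),
            "serial": int.from_bytes(fields[3][1], "big"),
            "gen_time": fields[4][1].decode(),
            "ordering": False, "nonce": None}
    info["hash"], info["imprint"] = parse_imprint(fields[2][1])
    for tag, content in fields[5:]:                  # the OPTIONAL tail of TSTInfo
        if tag == 0x30:                              # Accuracy
            units = {0x02: "seconds", 0x80: "millis", 0x81: "micros"}
            info["accuracy"] = {units[t]: int.from_bytes(c, "big") for t, c in der_iter(content)}
        elif tag == 0x01:                            # ordering BOOLEAN
            info["ordering"] = content == b"\xff"
        elif tag == 0x02:                            # nonce INTEGER (absent with -no_nonce)
            info["nonce"] = int.from_bytes(content, "big")
        elif tag == 0xA0:                            # tsa [0] GeneralName
            _, dirname = next(der_iter(content))     # [4] directoryName
            _, name_body = next(der_iter(dirname))
            info["tsa"] = name_to_str(name_body)
    return info

if __name__ == "__main__":
    sample = b"lease 10.0.0.5 { starts 2021/11/20; }\n"   # constructed stand-in for /var/log/leases
    tsq = build_tsq(sample)
    print(len(tsq), "bytes")                                  # 40, the size of leases.tsq on the page
    print(imprint_matches(tsq, sample), imprint_matches(tsq, sample + b"#\n"))
    for key, val in parse_tstinfo(bytes.fromhex(TSTINFO_HEX)).items():
        print(key, val.hex() if isinstance(val, bytes) else val)
```

Two things worth noticing in the decoded token: the imprint is whatever the requester put in the query, so the TSA only vouches that this hash existed at gen_time, never that the hash belongs to a particular file; and gen_time comes from the TSA host's clock, so the stamp is only as good as that clock (the TSA's own clock in this setup, since the log server stamps its own files).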